Alleged bug on the official Android Reddit app may lead to personal data leak

How many social media applications do you use? A typical smartphone user fiddles with at least three (Facebook, Instagram, and we can include WhatsApp too) a day. However, you know many other services of the same kind are out there, don’t you?

Talking about social media, we can’t ignore Reddit. It is a news segregation and discussion website. With more than 300 million users, the service is sixth popular in the world according to StatCounter.
reddit android app

As a Reddit user with an Android phone, it is hard to overlook the official application. Though there are a few third-party apps to access the service, millions prefer the original one on the Play Store. Nonetheless, a few days ago, a gruesome concern about the official app has popped up.

A programmer named Eric Urban published an article that deals with the image compression mechanism of Android Reddit app. In it, he describes how the whole procedure may leak the images you don’t want to share.

His investigation began when he noticed an image with a ghost effect on Reddit. By contacting the author, he could get access to the original image. Apparently, it didn’t have the odd ghostly image on the top.

android reddit app
Source (Click on the image to zoom)

After communicating with the user who posted, Urban got to know the extra artefact came from another image taken at the same time of the posted one. The Reddit app seems to have combined both.

android reddit app image issue
Source (Click on the image to zoom)

Being a programmer, Urban went on investigating further. After decompiling the APK file of the application, he got to know it uses progressive JPEGs. In case you are not aware, that’s actually a way of displaying images which ‘fades in’ in succession to form the whole.

Progressive JPEGs are used to compress images so that they become visible even with low speed internet connections. Coming back to the investigation, he even duplicated the issue by creating an image with the ghost effect.

And according to him, the first image you saw is the combination of two JPEG files spliced together at an arbitrary point. If it keeps on happening, chances are you will accidentally leak images that you don’t want to share.

With all that being said, he couldn’t find out what code would be responsible for compression before the upload. And, he failed to spot another image with the same issue on Reddit too. So, we hope the problem isn’t widespread.

Note:- Don’t forget to stay tuned to this story as we will be updating this all the progresses.

PiunikaWeb started as purely an investigative tech journalism website with main focus on ‘breaking’ or ‘exclusive’ news. In no time, our stories got picked up by the likes of Forbes, Foxnews, Gizmodo, TechCrunch, Engadget, The Verge, Macrumors, and many others. Want to know more about us? Head here.

Want to work for PiunikaWeb and enjoy best-in-industry compensation & benefits? You'll be glad to know we're hiring experienced candidates.

Rahul Krishnan

Rahul Krishnan, a wordsmith from Kerala, India is always in lookout for his next article idea. He is a fanatic reader. And, the rumour is that his mom has recently hidden his debit card so that he won't buy books anymore. She doesn't know he has a spare one.